snort-vl.spec 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569
  1. ################################################################
  2. # rpmbuild Package Options
  3. # ========================
  4. #
  5. # See README.build_rpms for more details.
  6. #
  7. # --with flexresp
  8. # Add flexresp capability to whatever package(s) you are
  9. # building.
  10. #
  11. # --with inline
  12. # Add inline capability to whatever package(s) you are
  13. # building. This will create its own inline package.
  14. #
  15. # --with mysql
  16. # Builds a binary/package with support for MySQL.
  17. #
  18. # --with postgresql
  19. # Builds a binary/package with support for PostgreSQL.
  20. #
  21. # --with unixODBC
  22. # Build a binary/package with support for unixODBC
  23. #
  24. # --with oracle
  25. # Builds a binary/package with support for Oracle.
  26. #
  27. # See pg 399 of _Red_Hat_RPM_Guide_ for rpmbuild --with and --without options.
  28. ################################################################
  29. # Other useful bits
  30. %define OracleHome /opt/oracle/OraHome1
  31. %define SnortRulesDir %{_sysconfdir}/snort/rules
  32. %define noShell /bin/false
  33. # Handle the options noted above.
  34. # Default of no flexresp, but --with flexresp will enable it
  35. %define flexresp 1
  36. %{?_with_flexresp:%define flexresp 1}
  37. %{?_without_flexresp:%define flexresp 0}
  38. # Default of no MySQL, but --with mysql will enable it
  39. %define mysql 0
  40. %{?_with_mysql:%define mysql 1}
  41. %{?_without_mysql:%define mysql 0}
  42. # Default of no PostgreSQL, but --with postgresql will enable it
  43. %define postgresql 0
  44. %{?_with_postgresql:%define postgresql 1}
  45. %{?_without_postgresql:%define postgresql 0}
  46. # Default of no unixODBC, but --with unixODBC will enable it
  47. %define unixODBC 0
  48. %{?_with_unixODBC:%define unixODBC 1}
  49. %{?_without_unixODBC:%define unixODBC 0}
  50. # Default of no Oracle, but --with oracle will enable it
  51. %define oracle 0
  52. %{?_with_oracle:%define oracle 1}
  53. # If not inline then we'll conflict with it
  54. %define conflicts snort-inline
  55. # Default of no Inline, but --with inline will enable it
  56. %define inline 0
  57. %define inlinetext %{nil}
  58. %{?_with_inline:%define inline 1}
  59. %{?_with_inline:%define inlinetext -inline }
  60. %{?_with_inline:%define conflicts snort }
  61. %define vendor Snort.org
  62. %define for_distro RPMs
  63. %define release 1
  64. %define realname snort
  65. # Look for a directory to see if we're building under cAos
  66. # Exit status is usually 0 if the dir exists, 1 if not, so
  67. # we reverse that with the '!'
  68. %define caos %([ ! -d /usr/lib/rpm/caos ]; echo $?)
  69. %if %{caos}
  70. # We are building for cAos (www.caosity.org) and the autobuilder doesn't
  71. # have command line options so we have to fake the options for whatever
  72. # packages we actually want here, in addition to tweaking the package
  73. # info.
  74. %define vendor cAos Linux
  75. %define for_distro RPMs for cAos Linux
  76. %define mysql 1
  77. %define postgresql 1
  78. %define release 1.caos
  79. %endif
  80. Name: %{realname}%{inlinetext}
  81. %{?_with_inline:%define Name: %{realname}-inline }
  82. Version: 2.9.5.6
  83. Epoch: 1
  84. Release: 1%{?_dist_release}
  85. Summary: An open source Network Intrusion Detection System (NIDS)
  86. Group: Applications/Internet
  87. License: GPL
  88. Url: http://www.snort.org/
  89. Source0: http://www.snort.org/snort-downloads/2.9.2/%{realname}-%{version}.tar.gz
  90. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
  91. #Packager: Official Snort.org %{for_distro}
  92. #Vendor: %{vendor}
  93. Vendor: Project Vine
  94. Distribution: Vine Linux
  95. BuildRequires: autoconf, automake, flex, bison
  96. BuildRequires: pcre-devel
  97. BuildRequires: libpcap-devel
  98. BuildRequires: daq
  99. BuildRequires: libdnet-devel
  100. BuildRequires: zlib-devel
  101. BuildRequires: iptables-devel
  102. BuildRequires: libnfnetlink-devel
  103. BuildRequires: libnetfilter_queue-devel
  104. Conflicts: %{conflicts}
  105. %if %{flexresp}
  106. BuildRequires: libnet
  107. %define EnableFlexresp --enable-flexresp
  108. %endif
  109. # Itables-devel removed from BuildReq as RH does not supply that package.
  110. # Will replace iptables-devel buildreq with a scripted solution. --jh
  111. %if %{inline}
  112. BuildRequires: libnet
  113. %define EnableInline --enable-inline
  114. %endif
  115. %package mysql
  116. Summary: Snort with MySQL support
  117. Group: Applications/Internet
  118. Requires: %{name} = %{epoch}:%{version}-%{release}
  119. %if %{mysql}
  120. BuildRequires: mysql-devel
  121. %endif
  122. %description mysql
  123. Snort binary compiled with mysql support.
  124. %package postgresql
  125. Summary: Snort with PostgreSQL support
  126. Group: Applications/Internet
  127. Requires: %{name} = %{epoch}:%{version}-%{release}
  128. %if %{postgresql}
  129. BuildRequires: postgresql-devel
  130. %endif
  131. %description postgresql
  132. Snort binary compiled with postgresql support.
  133. %package unixODBC
  134. Summary: Snort with unixODBC support
  135. Group: Applications/Internet
  136. Requires: %{name} = %{epoch}:%{version}-%{release}
  137. %if %{unixODBC}
  138. BuildRequires: unixODBC-devel
  139. %endif
  140. %description unixODBC
  141. Snort binary compiled with unixODBC support.
  142. %package oracle
  143. Summary: Snort with Oracle support
  144. Group: Applications/Internet
  145. Requires: %{name} = %{epoch}:%{version}-%{release}
  146. %description oracle
  147. Snort binary compiled with Oracle support.
  148. EXPERIMENTAL!! I don't have a way to test this, so let me know if it works!
  149. ORACLE_HOME=%{OracleHome}
  150. %description
  151. Snort is an open source network intrusion detection system, capable of
  152. performing real-time traffic analysis and packet logging on IP networks.
  153. It can perform protocol analysis, content searching/matching and can be
  154. used to detect a variety of attacks and probes, such as buffer overflows,
  155. stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
  156. and much more.
  157. Snort has three primary uses. It can be used as a straight packet sniffer
  158. like tcpdump(1), a packet logger (useful for network traffic debugging,
  159. etc), or as a full blown network intrusion detection system.
  160. You MUST edit /etc/snort/snort.conf to configure snort before it will work!
  161. There are 5 different packages available. All of them require the base
  162. snort rpm (this one). Additionally, you may need to chose a different
  163. binary to install if you want database support.
  164. If you install a different binary package %{_sbindir}/snort should end up
  165. being a symlink to a binary in one of the following configurations:
  166. plain Snort (this package, required)
  167. mysql Snort with mysql (optional)
  168. postgresql Snort with postgresql (optional)
  169. unixODBC Snort with unixODBC (optional)
  170. oracle Snort with oracle (optional, not official)
  171. inline Snort with inline support (optional)
  172. Please see the documentation in %{_docdir}/%{realname}-%{version} for more
  173. information on snort features and configuration.
  174. %prep
  175. %setup -q -n %{realname}-%{version}
  176. # When building from a Snort.org CVS snapshot tarball, you have to run
  177. # autojunk before you can build.
  178. if [ \( ! -s configure \) -a \( -x autojunk.sh \) ]; then
  179. ./autojunk.sh
  180. fi
  181. # Make sure it worked, or die with a useful error message.
  182. if [ ! -s configure ]; then
  183. echo "Can't find ./configure. ./autojunk.sh not present or not executable?"
  184. exit 2
  185. fi
  186. %build
  187. BuildSnort() {
  188. %__mkdir "$1"
  189. cd "$1"
  190. %__ln_s ../configure ./configure
  191. if [ "$1" = "plain" ] ; then
  192. ./configure $SNORT_BASE_CONFIG \
  193. --without-mysql \
  194. --without-postgresql \
  195. --without-oracle \
  196. --without-odbc \
  197. %{?EnableFlexresp} %{?EnableFlexresp2} \
  198. %{?EnableInline}
  199. fi
  200. if [ "$1" = "mysql" ]; then
  201. ./configure $SNORT_BASE_CONFIG \
  202. --with-mysql \
  203. --with-mysql-libraries=%{_libdir} \
  204. --without-postgresql \
  205. --without-oracle \
  206. --without-odbc \
  207. %{?EnableFlexresp} %{?EnableFlexresp2} \
  208. %{?EnableInline}
  209. fi
  210. if [ "$1" = "postgresql" ]; then
  211. ./configure $SNORT_BASE_CONFIG \
  212. --without-mysql \
  213. --with-postgresql \
  214. --without-odbc \
  215. --without-oracle \
  216. %{?EnableFlexresp} %{?EnableFlexresp2} \
  217. %{?EnableInline}
  218. fi
  219. if [ "$1" = "unixODBC" ]; then
  220. ./configure $SNORT_BASE_CONFIG \
  221. --without-mysql \
  222. --without-postgresql \
  223. --with-odbc=%{_libdir} \
  224. --without-oracle \
  225. %{?EnableFlexresp} %{?EnableFlexresp2} \
  226. %{?EnableInline}
  227. fi
  228. if [ "$1" = "oracle" ]; then
  229. export ORACLE_HOME=%{OracleHome}
  230. ./configure $SNORT_BASE_CONFIG \
  231. --without-mysql \
  232. --without-postgresql \
  233. --without-odbc \
  234. --with-oracle=$ORACLE_HOME \
  235. %{?EnableFlexresp} %{?EnableFlexresp2} \
  236. %{?EnableInline}
  237. fi
  238. %__make
  239. %__mv src/snort ../%{name}-"$1"
  240. cd ..
  241. }
  242. CFLAGS="$RPM_OPT_FLAGS"
  243. export AM_CFLAGS="-g -O2"
  244. SNORT_BASE_CONFIG="--prefix=%{_prefix} \
  245. --bindir=%{_sbindir} \
  246. --sysconfdir=%{_sysconfdir}/snort \
  247. --with-libpcap-includes=%{_includedir} \
  248. --enable-decoder-preprocessor-rules --enable-targetbased \
  249. "
  250. # Always build snort-plain
  251. BuildSnort plain
  252. # Maybe build the others
  253. %if %{mysql}
  254. BuildSnort mysql
  255. %endif
  256. %if %{postgresql}
  257. BuildSnort postgresql
  258. %endif
  259. %if %{oracle}
  260. BuildSnort oracle
  261. %endif
  262. %if %{unixODBC}
  263. BuildSnort unixODBC
  264. %endif
  265. %install
  266. # Remove leftover CVS files in the tarball, if any...
  267. find . -type 'd' -name "CVS" -print | xargs %{__rm} -rf
  268. InstallSnort() {
  269. if [ "$1" = "mysql" ]; then
  270. %__install -p -m 0755 %{name}-mysql %{buildroot}%{_sbindir}/%{name}-mysql
  271. fi
  272. if [ "$1" = "postgresql" ]; then
  273. %__install -p -m 0755 %{name}-postgresql %{buildroot}%{_sbindir}/%{name}-postgresql
  274. fi
  275. if [ "$1" = "unixODBC" ]; then
  276. %__install -p -m 0755 %{name}-unixODBC %{buildroot}%{_sbindir}/%{name}-unixODBC
  277. fi
  278. if [ "$1" = "oracle" ]; then
  279. %__install -p -m 0755 %{name}-oracle %{buildroot}%{_sbindir}/%{name}-oracle
  280. fi
  281. if [ "$1" = "plain" ]; then
  282. %__rm -rf %{buildroot}
  283. %__mkdir_p -m 0755 %{buildroot}%{_sbindir}
  284. %__mkdir_p -m 0755 %{buildroot}%{SnortRulesDir}
  285. %__mkdir_p -m 0755 %{buildroot}%{_sysconfdir}/snort
  286. %__mkdir_p -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
  287. %__mkdir_p -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
  288. %__mkdir_p -m 0755 %{buildroot}%{_var}/log/snort
  289. %__mkdir_p -m 0755 %{buildroot}%{_initrddir}
  290. %__mkdir_p -m 0755 %{buildroot}%{_mandir}/man8
  291. %__mkdir_p -m 0755 %{buildroot}%{_docdir}/%{realname}-%{version}
  292. %__install -p -m 0755 %{name}-plain %{buildroot}%{_sbindir}/%{name}-plain
  293. %__mkdir_p -m 0755 %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicengine
  294. %__mkdir_p -m 0755 %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicpreprocessor
  295. %__install -p -m 0755 plain/src/dynamic-plugins/sf_engine/.libs/libsf_engine.so.0 %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicengine
  296. %__ln_s -f %{_libdir}/%{realname}-%{version}_dynamicengine/libsf_engine.so.0 %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicengine/libsf_engine.so
  297. %__install -p -m 0755 plain/src/dynamic-preprocessors/build/%{_prefix}/lib/snort_dynamicpreprocessor/*.so* %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicpreprocessor
  298. for file in %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/*.so; do
  299. preprocessor=`basename $file`
  300. %__ln_s -f %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/$preprocessor.0 $file
  301. done
  302. %__install -p -m 0644 snort.8 %{buildroot}%{_mandir}/man8
  303. %__gzip %{buildroot}%{_mandir}/man8/snort.8
  304. %__install -p -m 0755 rpm/snortd %{buildroot}%{_initrddir}
  305. %__install -p -m 0644 rpm/snort.sysconfig %{buildroot}/%{_sysconfdir}/sysconfig/%{realname}
  306. %__install -p -m 0644 rpm/snort.logrotate %{buildroot}/%{_sysconfdir}/logrotate.d/snort
  307. %__install -p -m 0644 etc/reference.config etc/classification.config \
  308. etc/unicode.map etc/gen-msg.map \
  309. etc/threshold.conf etc/snort.conf \
  310. %{buildroot}/%{_sysconfdir}/snort
  311. find doc -maxdepth 1 -type f -not -name 'Makefile*' -exec %__install -p -m 0644 {} %{buildroot}%{_docdir}/%{realname}-%{version} \;
  312. %__rm -f %{buildroot}%{_docdir}/%{realname}-%{version}/Makefile.*
  313. fi
  314. }
  315. # Fix the RULE_PATH
  316. %__sed -e 's;var RULE_PATH ../rules;var RULE_PATH %{SnortRulesDir};' \
  317. < etc/snort.conf > etc/snort.conf.new
  318. %__rm -f etc/snort.conf
  319. %__mv etc/snort.conf.new etc/snort.conf
  320. # Fix dynamic-preproc paths
  321. %__sed -e 's;dynamicpreprocessor directory \/usr\/local/lib\/snort_dynamicpreprocessor;dynamicpreprocessor directory %{_libdir}\/%{realname}-%{version}_dynamicpreprocessor;' < etc/snort.conf > etc/snort.conf.new
  322. %__rm -f etc/snort.conf
  323. %__mv etc/snort.conf.new etc/snort.conf
  324. # Fix dynamic-engine paths
  325. %__sed -e 's;dynamicengine \/usr\/local/lib\/snort_dynamicengine;dynamicengine %{_libdir}\/%{realname}-%{version}_dynamicengine;' < etc/snort.conf > etc/snort.conf.new
  326. %__rm -f etc/snort.conf
  327. %__mv etc/snort.conf.new etc/snort.conf
  328. # Always install snort-plain
  329. InstallSnort plain
  330. # Maybe install the others
  331. %if %{mysql}
  332. InstallSnort mysql
  333. %endif
  334. %if %{postgresql}
  335. InstallSnort postgresql
  336. %endif
  337. %if %{unixODBC}
  338. InstallSnort unixODBC
  339. %endif
  340. %if %{oracle}
  341. InstallSnort oracle
  342. %endif
  343. %clean
  344. %__rm -rf %{buildroot}
  345. %pre
  346. # Don't do all this stuff if we are upgrading
  347. if [ $1 = 1 ] ; then
  348. /usr/sbin/groupadd snort 2> /dev/null || true
  349. /usr/sbin/useradd -M -d %{_var}/log/snort -s %{noShell} -c "Snort" -g snort snort 2>/dev/null || true
  350. fi
  351. %post mysql
  352. if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then
  353. %__rm -f %{_sbindir}/snort; %__ln_s -f %{_sbindir}/%{name}-mysql %{_sbindir}/snort
  354. fi
  355. %post postgresql
  356. if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then
  357. %__rm -f %{_sbindir}/snort; %__ln_s -f %{_sbindir}/%{name}-postgresql %{_sbindir}/snort
  358. fi
  359. %post unixODBC
  360. if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then
  361. %__rm -f %{_sbindir}/snort; %__ln_s -f %{_sbindir}/%{name}-unixODBC %{_sbindir}/snort
  362. fi
  363. %post oracle
  364. if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then
  365. %__rm -f %{_sbindir}/snort; %__ln_s %{_sbindir}/%{name}-oracle %{_sbindir}/snort
  366. fi
  367. %post
  368. # Make a symlink if there is no link for snort-plain
  369. if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then \
  370. %__rm -f %{_sbindir}/snort; %__ln_s %{_sbindir}/%{name}-plain %{_sbindir}/snort; fi
  371. # We should restart it to activate the new binary if it was upgraded
  372. %{_initrddir}/snortd condrestart 1>/dev/null 2>/dev/null
  373. # Don't do all this stuff if we are upgrading
  374. if [ $1 = 1 ] ; then
  375. %__chown -R snort.snort %{_var}/log/snort
  376. /sbin/chkconfig --add snortd
  377. fi
  378. %preun
  379. if [ $1 = 0 ] ; then
  380. # We get errors about not running, but we don't care
  381. %{_initrddir}/snortd stop 2>/dev/null 1>/dev/null
  382. /sbin/chkconfig --del snortd
  383. fi
  384. %postun
  385. # Try and restart, but don't bail if it fails
  386. if [ $1 -ge 1 ] ; then
  387. %{_initrddir}/snortd condrestart 1>/dev/null 2>/dev/null || :
  388. fi
  389. # Only do this if we are actually removing snort
  390. if [ $1 = 0 ] ; then
  391. if [ -L %{_sbindir}/snort ]; then
  392. %__rm -f %{_sbindir}/snort
  393. fi
  394. /usr/sbin/userdel snort 2>/dev/null
  395. fi
  396. %postun mysql
  397. if [ -L %{_sbindir}/snort ]; then
  398. %__rm -f %{_sbindir}/snort
  399. %__ln_s -f %{_sbindir}/%{name}-plain %{_sbindir}/snort
  400. fi
  401. %postun postgresql
  402. if [ -L %{_sbindir}/snort ]; then
  403. %__rm -f %{_sbindir}/snort
  404. %__ln_s -f %{_sbindir}/%{name}-plain %{_sbindir}/snort
  405. fi
  406. %postun unixODBC
  407. if [ -L %{_sbindir}/snort ]; then
  408. %__rm -f %{_sbindir}/snort
  409. %__ln_s -f %{_sbindir}/%{name}-plain %{_sbindir}/snort
  410. fi
  411. %postun oracle
  412. if [ -L %{_sbindir}/snort ]; then
  413. %__rm -f %{_sbindir}/snort
  414. %__ln_s -f %{_sbindir}/%{name}-plain %{_sbindir}/snort
  415. fi
  416. %files
  417. %defattr(-,root,root,-)
  418. %{_sbindir}/%{name}-plain
  419. %{_mandir}/man8/snort.8.*
  420. %dir %{SnortRulesDir}
  421. %config(noreplace) %{_sysconfdir}/snort/classification.config
  422. %config(noreplace) %{_sysconfdir}/snort/reference.config
  423. %config(noreplace) %{_sysconfdir}/snort/threshold.conf
  424. %config(noreplace) %{_sysconfdir}/snort/*.map
  425. %config(noreplace) %{_sysconfdir}/logrotate.d/snort
  426. %config(noreplace) %{_sysconfdir}/snort/snort.conf
  427. %config(noreplace) %{_sysconfdir}/sysconfig/snort
  428. %config(noreplace) %{_initrddir}/snortd
  429. %attr(0755,snort,snort) %dir %{_var}/log/snort
  430. %dir %{_sysconfdir}/snort
  431. %{_docdir}/%{realname}-%{version}/*
  432. %dir %{_libdir}/%{realname}-%{version}_dynamicengine
  433. %{_libdir}/%{realname}-%{version}_dynamicengine/libsf_engine.*
  434. %dir %{_libdir}/%{realname}-%{version}_dynamicpreprocessor
  435. %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_*_preproc.*
  436. %dir %{_docdir}/%{realname}-%{version}
  437. %docdir %{_docdir}/%{realname}-%{version}
  438. %if %{mysql}
  439. %files mysql
  440. %defattr(-,root,root,-)
  441. %{_sbindir}/%{name}-mysql
  442. %endif
  443. %if %{postgresql}
  444. %files postgresql
  445. %defattr(-,root,root,-)
  446. %{_sbindir}/%{name}-postgresql
  447. %endif
  448. %if %{unixODBC}
  449. %files unixODBC
  450. %defattr(-,root,root,-)
  451. %{_sbindir}/%{name}-unixODBC
  452. %endif
  453. %if %{oracle}
  454. %files oracle
  455. %defattr(-,root,root,-)
  456. %{_sbindir}/%{name}-oracle
  457. %endif
  458. %changelog
  459. * Wed Jan 15 2014 Yoji TOYODA <bsyamato@sea.plala.or.jp> - 2.9.5.6-1
  460. - new upstream release
  461. * Fri Mar 16 2012 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 2.9.2.1-1
  462. - initial build for Vine Linux (based on official srpm)